CVE-2020-1503

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*

History

19 Jan 2024, 00:15

Type Values Removed Values Added
Summary <p>An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.</p> An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

04 Jan 2024, 02:15

Type Values Removed Values Added
CWE CWE-200 NVD-CWE-noinfo
Summary An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1583. <p>An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.</p>

Information

Published : 2020-08-17 19:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-1503

Mitre link : CVE-2020-1503

CVE.ORG link : CVE-2020-1503


JSON object : View

Products Affected

microsoft

  • office_web_apps
  • office
  • sharepoint_enterprise_server
  • sharepoint_server
  • 365_apps
  • word
  • office_online_server